[chef-dev] Re: Create ldap users LWRP

  • From: Jesse Campbell
  • To: Jay Flowers
  • Cc: chef-dev
  • Subject: [chef-dev] Re: Create ldap users LWRP
  • Date: Sun, 30 Dec 2012 12:05:13 -0500

My first thought would be simply that it isn't an easy task to accomplish; most LDAP servers store their content in a database, so you'd need to interface through an API for adding the users.

Which LDAP head would you support? 389 LDAP? OpenLDAP? Active Directory?
Which attributes would you support? There is the somewhat standard way that RHEL families expect you to configure things, the naming style that authconfig expects, though you can override everything... then there's the way Debian expects things to be named. Group membership can be defined as having the groups list be a string attribute of the user, or a user list be a string attribute of the group, or you can use one of three different object types and structures to assign user/group relationships...

I'd say go for it :)
In my group we threw up our hands at LDAP and went for AD (which also supports tie-in with the routers and firewalls, and it looks easier to develop an OpenID auth service that is backed by AD than one backed by LDAP, which would get us central authentication to Chef as well).

On Sun, Dec 30, 2012 at 10:57 AM, Jay Flowers wrote:
Maybe I am missing something...  I am surprised that I cannot find a LWRP to create ldap users.  I would have thought it common to iterate over a data_bag set managing ldap users.  When I search around I do not find evidence that this is common, i.e. no LWRP for creating ldap users...  Would this be a bad practice for some reason I do not see?  Or is there some other reason no one has yet to create and publish a LWRP for this?


Jay Flowers
